Monday, April 4, 2016

Encryption doesn't help very much if everyone has the key

Let's say you want your app to communicate securely with its server. So you decide to encrypt the data. That's great! But how do you determine the key?

If you hardcode an encryption key into your client and server, you've given it to everybody, including bad guys who want to intercept your traffic. It doesn't matter how much you obfuscate it; the key will get found. Anybody who has the key can decrypt the traffic, and so encrypting your traffic doesn't help at all if you distribute that key freely.

If you have the server send the client the key to use each session, a bad guy listening on the network can grab the key too and use it to decrypt the data. Again, you're then just handing everyone the secret.

The right way to do encryption over an untrusted network with untrusted clients is with public-key infrastructure and key exchange. If you distribute your public key with the client, it can check whether the server is legit (i.e. not spoofed by an attacker). Have the client encrypt a random symmetric key with the public key; the server will then be able to unlock it with the private key, which only the server keeps. Once the symmetric key is securely transferred, you can open a normal session encrypted with it.
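The exchange described above, as an added example that is not code from the original post. It uses Node's built-in `crypto` module; the function names and the algorithm choices (RSA-2048 with OAEP, AES-256-GCM) are assumptions made for the illustration.

```javascript
const crypto = require('node:crypto');

// Added example; names and algorithm choices (RSA-2048/OAEP, AES-256-GCM) are assumptions.
// Server, once: the public key ships in the client, the private key stays on the server.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client: pick a fresh random session key and wrap it with the server's public key.
function clientStartSession(serverPublicKey) {
  const sessionKey = crypto.randomBytes(32);
  const wrappedKey = crypto.publicEncrypt({ key: serverPublicKey, ...OAEP }, sessionKey);
  return { sessionKey, wrappedKey }; // only wrappedKey is sent over the network
}

// Server: only the private-key holder can recover the session key.
function serverAcceptSession(serverPrivateKey, wrappedKey) {
  return crypto.privateDecrypt({ key: serverPrivateKey, ...OAEP }, wrappedKey);
}

// Either side: AES-256-GCM, fresh 12-byte nonce per message. Layout: nonce | tag | ciphertext.
function seal(sessionKey, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ciphertext]);
}

// Returns the plaintext, or null if the key is wrong or the message was modified.
function unseal(sessionKey, message) {
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, message.subarray(0, 12));
    decipher.setAuthTag(message.subarray(12, 28));
    const plaintext = Buffer.concat([decipher.update(message.subarray(28)), decipher.final()]);
    return plaintext.toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample run: one session, one message.
const client = clientStartSession(publicKey);
const serverKey = serverAcceptSession(privateKey, client.wrappedKey);
const wire = seal(client.sessionKey, 'balance=100');
console.log('server reads:', unseal(serverKey, wire));
console.log('listener with a guessed key reads:', unseal(crypto.randomBytes(32), wire));
```

In a real app this job is done by TLS rather than hand-written code; the sketch only shows why a listener who captures the wrapped key and the traffic still cannot read it.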
